Rapid7 Blog

Weekly Update: Introducing Metasploit 4.5.3

POST STATS:

SHARE

Version bump to Metasploit 4.5.3

This week, we've incremented the Metasploit version number by one trivial point to 4.5.3 -- this was mainly done to ensure that new users get the fixes for the fourmostrecentvulnerabilitiesthat were fixed by Rails 3.2.13. While we're not aware of any exploits out there that are targeting Metasploit in particular (and these vulns do require to be targeting specific applications), you'd be advised to update at your earliest convenience.

In addition, 4.5.3 is once again a code-signed executable for Windows -- Linux users can still verify their bins by checking the appropriate SHA1 and PGP signature. Since we go to all the trouble of producing these signatures, you should probably check them. Not getting backdoored is a Good Thing.

Kali Linux

This is the first update released after our integration with the new and improved Kali Linux, I'm super excited about supporting Kali for real as a Metasploit platform with all the QA love that we give Ubuntu, Red Hat, and Windows. More interestingly, from a technical standpoint, Metasploit Framework, Community & Pro have all been built as as Debian packages, so if this whole Kali thing works out, I'm cautiously optimistic about packaging in a similar way for similar platforms -- Ubuntu, Mint, Debian, and all the rest. That will be a glorious day indeed.

YARD

Finally, if you've been tracking along the commit history, you will have noticed that we've been embracing YARD as a standard for decorating classes and methods in the core Metasploit library. So, if you'd like to get some up-to-date documentation on an API call that you find a little mysterious, you can try typing yard doc in the top level of your Metasploit Framework source checkout then click around doc/index.html with your favorite browser.

If you don't find the documentation that you're looking for at that point, then hey, feel free to write some! We will totally take a pull request of insightful documentation for our many APIs, and YARD doc syntax is pretty easy to get a handle on. Check the YARD Guides to get started.

New Modules

Here are this week's new modules. It's an even dozen for your pen-testing pleasure.

Availability

If you're new to Metasploit, you can get started by downloading Metasploit for Linux or Windows. If you're already tracking the bleeding-edge of Metasploit development, then these modules are but an msfupdate command away. For readers who prefer the packaged updates for Metasploit Community and Metasploit Pro, you'll be able to install the new hotness today when you check for updates through the Software Updates menu under Administration.

For additional details on what's changed and what's current, please see Brandont's most excellent release notes.